/*
 * RogueFakePAVSample
 *
 * String-only signature labelled "Rogue.FakePAV.sm" in its metadata.
 * The rule matches when at least one of the twenty literals below occurs
 * anywhere in the scanned data, either as plain ASCII or as a wide
 * (two bytes per character) string. Matching is case-sensitive because
 * no `nocase` modifier is used.
 *
 * NOTE(review): the condition has no file-type, size or hit-count
 * constraint, and several literals are very short ("ZReg", "ZWarn",
 * "ZPromo", "ZAbout", "ZUpdate"). A single coincidental occurrence in an
 * unrelated file or memory region is enough to fire the rule, so expect
 * false positives. Before tightening (e.g. requiring several strings, or
 * restricting to the expected file format), validate the change against
 * known-good and known-bad sample sets; the right threshold cannot be
 * derived from this file alone.
 */
rule RogueFakePAVSample
{
    meta:
        Description = "Rogue.FakePAV.sm"
        // Stored as a string, not an integer; consumers that compare it
        // numerically must convert it themselves.
        ThreatLevel = "5"

    strings:
        // All identifiers share the "Z" prefix; they look like UI element
        // names (frames, windows, controls) -- presumably taken from the
        // sample family, TODO confirm against reference samples.
        $s01 = "ZALERT" wide ascii
        $s02 = "ZAPFrm" wide ascii
        $s03 = "ZAbout" wide ascii
        $s04 = "ZAutoRunFrame" wide ascii
        $s05 = "ZCheckBox" wide ascii
        $s06 = "ZCplAll" wide ascii
        $s07 = "ZFogWnd" wide ascii
        $s08 = "ZFrameDEt" wide ascii
        $s09 = "ZIEWnd" wide ascii
        $s10 = "ZMainFrame" wide ascii
        $s11 = "ZMainWnd" wide ascii
        $s12 = "ZOptionsFrame" wide ascii
        $s13 = "ZProcessFrame" wide ascii
        $s14 = "ZProgressBar" wide ascii
        $s15 = "ZPromo" wide ascii
        $s16 = "ZReg" wide ascii
        $s17 = "ZResFR" wide ascii
        $s18 = "ZServiceFrame" wide ascii
        $s19 = "ZUpdate" wide ascii
        $s20 = "ZWarn" wide ascii

    condition:
        // One hit on any listed string is sufficient (same as `any of them`).
        any of ($s*)
}